Digital Sheep Get Slaughtered–Being Safe On Social Media

We live in a wonderful world, an amazing time with infinite possibilities. Writers have more power than ever before in the whole of human history. Many of us are explorers in a New World, charting unknown territories in a realm with no boundaries. This is part of how we are able to offer you the writing conference of the future, WANACon (learn more HERE).

Every new territory comes with the splendors never seen, the resources never tapped, the powers never before harnessed. Yet with new opportunities come new predators eager to take advantage of the naive.

I can’t explain why there are those in this world who will hurt people they’ve never met or steal with no concern to what devastation they might create. But, these crooks are there, they are a real threat, and I’m here today to help you guard against attacks.

Hey, I may be a Lamb, but I’m no sheep ;).

There are digital sheep, digital wolves, but today I want to train you guys to be digital sheepdogs. We aren’t passive, but we are protective and we are on guard to protect those around us. We are not alone!

Mom, I’m happy you’re on FB, but please stop talking to the “nice man from the bank in Nigeria.”

One common tactic used by hackers and phishers, is they seek to get us upset. If they can scare us or momentarily panic us, we are far more likely to part with sensitive information without thinking.

Frequently they will tell us our account has been suspended because we have been breaking rules we haven’t broken like friending people we don’t know, or friending too many people or even that we have been reported as spammers. Of course, if we just “enter our password” they will get it sorted straight away. Uh huh.

They want us to think Not me! I follow the rules! This is a mistake! I need to get to the bottom of this RIGHT NOW!

When I see this, I log out then back in and often the message goes away, and then I report them. Facebook or Twitter can’t get these guys if we don’t blow the whistle.

Be a sheepdog. Sheep either get eaten by wolves (hand over password) or they go back to munching grass (playing Farmville). Digital sheepdogs go alert those in charge that wolves are sniffing the perimeter.

If someone is a suspected bot on Twitter, we should block and report them. If they try to phish our account, we need to report them. If we get odd e-mails that seem like phishing on Facebook, we must report it.

Digital Wolves WILL Wear Digital Sheep Clothing

So thieves will try to upset you. This will get you to react and hand over sensitive information. One of the ways they can get this reaction is by posing as an authority. For instance, I had this pop up on my Facebook:

Now, 99% of the time I am multitasking and have a toddler trying to scale the back of my head like the Mt. Shasta. Do you see how EASY it would be to catch me off guard and hack my account? Looks official…but look closer.

See how they tried to embarrass and upset me? These creeps know that most of us are good and decent and follow the rules. We were the kids who would have cried if we were threatened with a visit to the Principal. These trolls use what is good an noble about us to attack us. They will use our respect for authority against us if we let them.

I have also had a pop up appear when I went to get on Tweet Deck. The pop up from “Tweet Deck Security” was there to inform me me that my account had been suspended for suspicious spamming activity, but that they were sure it was all a misunderstanding. If I just typed in my password, they would make sure everything was sorted and my account would be unlocked.

I closed the window, logged out and logged back in. My account was fine. This was an attack.

If They Can’t Bait You with Bosses, They’ll Bait You with Buddies

Another common ploy is to come disguised as our “friends.”

The friend phisher will send a DM (direct message) about rumors about you or a nasty review or wild pictures and a link. The hacker is disguised as a fellow member of the herd. Baaaahhhhhh. Someone is saying baaaaaad things about you.

“I’m your friend so I am discreetly telling you so you can go tell them what for.”

No, they are a phisher, and, if you hit that link, your computer is toast. Malware will be all over you like fleas on sheep.

If you get a DM like this, be a sheepdog. Look out for your peeps. Tell them you are getting strange messages and alert them to change their passwords (Something more than seven digits with a number is a good choice). DM them back, but even if you can’t? No one will mind a, “Hey, I tried to DM you but I can’t. You might want to change your password. Getting weird DMs from you.”

This Also Applies to E-Mail

If you get an e-mail from a friend and there is only a link, DO NOT CLICK. If they write a message that seems out of character, DO NOT CLICK. REPLY ALL and alert everyone on the e-mail that this is likely a phisher and tell the sender to change her password immediately. Put in the subject line Re: THIS IS A PHISHER!!! DO NOT CLICK THE LINK!!!

Either the sender will come back and verify he really did send just a link; it was for a dancing squirrel and he hit “send” before he typed a message OR he can change his password and keep hackers from getting in any deeper.

If a friend e-mails for help because she is stranded (and you are unsure if this is really the person), feel free to e-mail back and tell the friend to call you. Since you are friends, then she should have your number.

DO NOT Forward on Cutesy E-Mails

Ever get those messages with a picture of an angel and you have to send to 25 friends in the next ten minutes if you want a miracle…but if you don’t forward the message the note promises that you will be hit with some form of bad luck? DO NOT PASS THESE ON. Hackers use these types of messages to get a hold of addresses.

How else could that cousin in Uganda who wants to will you a million dollars find you?

If you do get some really cute story in your e-mail and you REALLY want to pass it on, just copy and paste into a new e-mail. Hackers already don’t work for a living. Why make their life on Easy Street easy?

Play Games at Your Own Risk

There are all kinds of games on Facebook. We can join causes or keep up with high school peeps, but often it requires granting permission to an application to have access to our information. Not all of this is nefarious, since if I am an application that wants to connect alumni, I need that information.

But these applications are gateways for hackers and phishers, too. I don’t play games like Farmville for that reason (frankly, it’s also because I don’t have time). But any of those games are a risk, so be alert and don’t just grant access to anyone. I rarely join ANYTHING that wants access to my account information, even if it will make life easier.

We have to do the cost-benefit analysis. Sure we can have fun, or an ease of access….but we can also grant fun and ease of access to thieves.

Don’t Use Tweet Validation Services and DO NOT FOLLOW People Who do

I don’t like any service that directs people to an outside page. Anything that directs us off Twitter is vulnerable and can be hijacked. We could be redirected to a copycat site that is there to capture information.

We don’t need validation services. It is not THAT hard to unfollow bots. If someone follows us then they spam us, it takes two clicks to report and block them.

If I follow someone and I get A DM that I need to click a link to prove I’m a real person? I move on. That is a good way to get hacked. And, since I don’t like people making me vulnerable to attack, I just make it my policy to not open any of YOU to attack.

It’s being a good TweepDog.

So to sum up:

1. Never give information to any unconfirmed source.

2. If a message upsets you, calm down before giving any information.Thieves want us reactive. Remain CALM AND PROACTIVE.

3. Never click on any outside link. Ignore validation services. There are plenty of people who won’t make you jump through hoops and open you up to viruses who will befriend you.

4. USB drives are classic tools for getting malware through a firewall. If you don’t trust where a drive came from, don’t insert it into your computer.

5. Always report any attempts to gain access to your information or accounts.

6. Keep an eye out for friends, family and members of your network. Alert them if it seems their account has been compromised.

7. Do NOT use any outside validation services. This opens those in your network to hackers.

Social media is, above all else, SOCIAL. It is far easier to relax and have a good time if we aren’t having our bank accounts emptied. Remember, they call those people con artists for a reason. They will be cunning, clever and quick…but we can be educated and work together.

Please post this blog to your networks, send it to friends and family so they know how to stay safer. The more educated we all are, the safer we are. Together we are stronger.

I hope you enjoyed these tips, but I do have to say that Internet security is not my specialty, but WANA International has someone who is an expert on the subject. Jay Donovan, founder of Tech Surgeons is offering a course on Internet Privacy and Security. This is a valuable class for all of us, but especially valuable for writers who are worried that what they write might cost them a day job (I.e. those who write political or religious works or genres like erotica). While I generally recommend to avoid pen names, sometimes they are a must. Jay can teach you how to maintain that privacy without going nuts.

Have you ever been hacked or phished? What did you do? How did it make you feel? I know I don’t know everything, so what are some tips YOU guys would recommend? I know there are some computer geniuses in my following. Help us out. What are some more ways we can stay safe? How can we better look out for one another?

I LOVE hearing from you!

To prove it and show my love, for the month of February, everyone who leaves a comment I will put your name in a hat. If you comment and link back to my blog on your blog, you get your name in the hat twice. If you leave a comment, and link back to my blog, and mention my book We Are Not Alone in your blog…you get your name in the hat THREE times. What do you win? The unvarnished truth from yours truly.

I will pick a winner once a month and it will be a critique of the first 20 pages of your novel, or your query letter, or your synopsis (5 pages or less).

And also, winners have a limited time to claim the prize, because what’s happening is there are actually quite a few people who never claim the critique, so I never know if the spam folder ate it or to look for it and then people miss out. I will also give my corporate e-mail to insure we connect and I will only have a week to return the 20 page edit.

At the end of February I will pick a winner for the monthly prize. Good luck!

I shared this on Facebook in hopes that my mom will read it. I restrained myself from tagging her. 😀 Perhaps reading it from someone other than her daughter will get her to change some of her bad habits.

I’ve been trying to teach my Hubz these things for years. It seems as soon as I get the bugs off my computer, he comes in and re-infests it. I even got my Itunes hacked. They changed the password, my security info, and even the emails so I cant get back into it… I don’t have a card on there (thank goodness!) but all my tunes I bought over the years, is off limits until I can get back into the account… Moral of the story… give hubz a laptop and keep him off my desktop. He’s much happier to lay on the couch and crud up the laptop anyway.

I have the same problem with my father-in-law. I finally took away his ability to install programs on his computer without my approval. As he’s been learning, he’s been getting privileges back on his computer.

Hi Kristen,
An excellent post with relevant information. I don’t use Tweet Validation Services but I have gone through the validation process for others . . . not anymore. 🙂 Thanks for the heads up and have a great day! (Love the woolly photos, btw. 🙂

I have always been super-supicious of things such as what you shed light on here. There is such a freedom online that to expect to see no one exploit it is foolish. I use to play games out of boredom, but now I fill that time by writing. I want to be a serious author and do not have time for hackers, phishers or that type of foolishness. Thanks for the tips Kristen.

THANK YOU for this! My twitter account gets hacked on a fairly regular basis with the someone is saying bad things about you message. I don’t use a verification service either. You know…it’s sort of embarrassing and then all of these people that you really don’t know are genuinely pissed off! I’ve never ever opened that short-link, but just know to change my password immediately! Been safe on Facebook…so far. Sheesh…when I think that these bright people could direct their technical acumen someplace positive…. sad 🙁

Great advice here, I’ve seen so many of these scams and have deleted them right away. And whenever any are from a ‘friend’ I know but seem out of character I alert the real person to see if they know anything about it so they can look into things and change passwords and security.

Thanks for confirming my suspicions that those ‘send to your favorite 30 friends’ orders are in deed trash and risky. I sometimes have a twinge of guilt for not responding, but I get too much email anyway. Therefore, I always junk them. Great post, excellent information. Thanks.

I’ve seen a slight twist on the “e-mail from a friend” scam: The scammer isn’t actually using your friend’s e-mail at all, he’s using a similar address instead. I got an email from my friend, and it looked like my friend’s e-mail address but when I looked at the e-mail again, I saw that it was really just slightly misspelled. E.g., instead of myfriend@***.com, it was myfriiend@***.com. So if you reply to the e-mail, you will get a response from the scammer, but the scammer didn’t really have my friend’s e-mail hacked.

Yes, the spelling can be a useful clue – did anyone notice how ‘Facebook security’ was spelled on that Facebook popup pictured? Really dodgy! Not that I’d trust anything suspicious even if the spelling was OK, but it can be a big fat warning sign 🙂

Reblogged this on Jenny Hansen's Blog and commented:
Ever wondered how to REALLY be safe on social media? Kristen’s post today is a must-read on the topic. Go forth and learn some great tips on keeping virus and malware free…. ~ Jenny

I have been a a few of these scams a recepient of a few of these scams and they are nasty. You soon learn but hopefully not the hard way. recently aa twitter friend sent me an … I am stranded and need money quick message. I knew it wasn’t from her as the font, letters she wrote normally was different and it was worded in a way she wouldn’t normally use. I forwarded it back to her straight away and sure enough she had been hacked. Those trolls are a busy lot for sure.

Wow… are you in my head or have cameras installed at my house…?!
This morning I almost loaded up the computer to race out to the Geek Squad because NOTHING connected, everything froze up, and I was convinced I’d contracted malware somehow. Even without clicking or doing anything remotely risky, it is possible to hit the ‘off’ site that can install spyware, malware, creepware… whatever those smarter-than-me crooks can figure out to make life miserable. Remember the java stories just a few short weeks ago? And the remote camera enabling on the news…?
After some deep breathing and the presence of my personal 17yo geek son (hand holding counts for Alot!) I managed to do some sleuthing and figured out the problem:
a patch was necessary for Windows 8 to be compatible with my security software.

Moral of the story: Run scans periodically and don’t depend on your software company to do everything for you. Be proactive and become familiar with its support network and the guts of your computer!

Thank you for your wise advice Kristansan. I reserve a front row seat next to Jenny Hansen for Jay’s class and I’m taking notes.

Yep, you’re talking to me. Trusting and naive. Today someone wanted an epub copy of my latest book so they could write a review. That may not be hacking, but it’s a good way for them to sell my book, so I offered a PDF and asked for their website and review site URLs. Was that enough? I hope so. Thanks. I linked this to FB

You’re providing such a great service here, Kristen! I once clicked on one of those “your computer has been infected” things and within minutes they’d frozen my computer and started eliminating files. A nightmare.

And thanks for advising against those *&%! Facebook games. Not only do I have no time for games, but they’re mostly ways to access your personal information. This is a great rule I wish everybody would follow ” I rarely join ANYTHING that wants access to my account information, even if it will make life easier.”

Reblogged this on pamelavmason and commented:
I nearly had to pack up the computer and head out for the computer team this morning when my new computer wouldn’t connect.
I racked my brain… where did I go last night out there, surfing cyberlandia? Did I hit any ‘off’ links? Get a dreaded malware or virus or spyware…?
All kinds of terrible and strange things are possible – and many of us, innocently enough, are compromising our accounts, identities, and reputations to devious computer hackers and criminals who are – I’ll be the first to admit it – smarter than me.
At least when it comes to computers.
Here Kristen Lamb (WANA superheroine) gives an overview of staying safe on social media. It’s all common sense stuff, but really… haven’t you been tempted to find out if you won the lottery in Tasmania? Or possibly your curiousity got to you and you just… had…to …click on that picture of the __________ (fill in the blank with your personal weakness- I won’t tell!) .
Check out this blog, the comments, and the upcoming WANA digital conference she is putting on next month. There’s a security workshop to attend, and I’ve got my seat reserved in the front row!
A Bientot!

*Sigh* this doesn’t happen to me! I mean it did once in the past, I’m sure, but I learned quickly to never believe “Someone’s saying bad things about me” or “Did I see the picture of myself on this site.” I have a friend, though, who gets hacked–or used to–as least once a month. How? I’m still not sure. It got to the point where we all had to put our feet down and make her get a new Twitter account. When that still didn’t work, I simply had to unfollow her. It wasn’t to be cruel, but I just couldn’t handle never being sure if I was talking to her, or a cyber bot hacker monger! If ever I get an email or DM from a friend that I’m not 100% sure of it’s origin, I either hit them up on the side to see if they sent it, or open the link on my phone. It might get a few of my contacts that way (not sure how it works) but at least I know it won’t send me a virus that crashes my cell!

Hi, Kristen and friends: Wow so timely! I have an email allegedly from WP (have a WP site) saying a comment is ‘awaiting moderation,’ with links to click for ‘spam’ ‘publish’ etc. I DID NOT click any! When I log into WP there are no comments in the cue and the comment in the email is not in the spam net nor, thankfully, on my website. Is this a hack attempt or am I just paranoid? (Or both. Always a possibility.) Thanks for the great post and super community!

Hillari, does highlighting the link go to your WordPress site? If not, my best guess is that the email was a phishing attempt to see if your email address is real. If so, they’ll add you to their spam lists.

The worst part of this, the Wonderful World Wide Web, is that we are sitting ducks for the malicious.

I watched my husband willingly download malware just recently myself. Why? Because he needed a piece of software and the web page he found that seemed to offer said software, looked legitimate enough that he was comfortable clicking the download link. What he got instead was disaster. That website, knowing how that piece of software is required by certain sections of the population, built a page that looked professional and legitimate and used it to install malware on unsuspecting peoples’ computers.

It’s so hard to be savvy that it is almost completely discouraging. Even when something looks legitimate, it pays to dig a little deeper because the clues are there somewhere.

As you stated, ALWAYS alert your friends when you think their accounts have been hacked. Sometimes, that’s the only way they will ever know. I’d rather be notified on a false claim than have a real one go unchecked.

When you are picking a password, make sure it is a term that is easy for you to remember but not one that is closely tied to you (and please don’t make it “password1” or “pass1234” or something similar.) Using at least one number and one capital letter is also a good idea. It’s not hard to create a safe password if you put just a tiny bit of thought into it.

Make your blog password unique from all of your other ones. A hacker who breaks into one of your sites will try your password in your blog’s admin page.

And PLEASE do not store your passwords in one of those little books that says “Internet Password Book” on its cover. That’s asking for trouble. Ask your browser to remember them instead.

Thank you for this! Apparently, my Facebook or email account got hacked somehow over the weekend and sent out phishing emails to friends. I was thrilled that two friends (thanks, Catie & Tiffany) alerted me to the problem. I then spent hours cleaning my computer, backing up data files, and changing passwords. I think it’s all okay now. *crossing fingers* I don’t know how the hackers got in, though.

Excellent post. As many of your readers have said, I have received these types of emails, tweet, etc. in the past and have been a bonehead. I now recognize most dishonest communications and am on guard against them. Bu, I have not been alerting the authorities; I will from now on though.

Hi Kristen, those were excellent tips. Thank you.
My name is Janet Tan and I’ve started my own writer’s blog recently. I have just completed a blog hop, answering some simple questions about my upcoming book to garner interest from my readers and followers about my next project. I have tagged you in my post to complete the same blog hop. I look forward to reading your next post soon. Here’s a link to my blog: http://witchdoctress.wordpress.com/

I’ve received DM’s just like the one you showed on Twitter, but I didn’t click the link, merely contacted the person to tell them this was happening. My webpage was constantly being spammed, and my Subdreamer software doesn’t prevent these constant comments about selling designer shoes and such. I was getting slammed with 12 spams a day and finally closed off my comment section until a fix can be found. Very frustrating. Great article, Kristen.

Reblogged this on Gerry Wilson and commented:
Today, I’m sharing Kristen Lamb’s “Digital Sheep Get Slaughtered–Being Safe On Social Media.” Kristen’s article provides important tips for staying safe on the ‘Net. My Twitter account was just hacked, so this piece was timely for me. I was a sucker for the “Here’s a funny photo of you” kind of phishing. I opened it on impulse, just not thinking. We always need to be aware, and that’s the gist of Kristen’s article. A worthy read. Thanks, Kristen.

Kristen, this article is so timely for me. I acted on impulse yesterday and opened a link my *son* had sent on Twitter, but it obviously wasn’t from my son! An embarrassing slip, but it goes to show how easily we can be phished if we aren’t constantly aware.

I’m reblogging this post; hope that’s okay with you. It’s important information, the kind that deserves to be spread around. Thanks.

Excellent. I have almost stopped my friends from forwarding those emails to me – almost. I will email one person this article because he has to know.
I do use some applications through my blog – I wonder if those are okay? Between Twitter and Facebook?
Thanks again,
Blessings,
Janis http://www.janiscox.com

Recently I was receiving emails that claimed that my supposed arrest records were now online for all the public to see. I was just a click away from finding out more – I didn’t take the bait. There are as many come-ons as their are con-persons lurking in the black hole of cyberspace. Be always vigilant.

Great information! Thank you so much! I am new to the internet and all of this helps. By the way, I just included a link to this post in my blog, Lorraine’s Life, found at http://lorrainemariereguly.wordpress.com

Hi Kirsten, many thanks for the article, very helpful indeed. I have had to avoid quite a few of these over the last few years, a real pain!. That classic, ‘someone is saying nasty things about you’ was all over my twitter account. Bless you for the info which i am sure will help many people. I retweeted and shared on Linked In etc. Write on! Cheers Dave/ AscensionForYou

Thank you for calling out these scams. Some I knew, but when you mentioned the toddler climbing you like a mountain, ha! How many times have I clicked away without really thinking? I needed the wake up call.

Hi, Kristen. Terrific post, and I learned a few new things. But I’d suggest a different approach to links in e-mails, Facebook posts, tweets, etc. Instead of just not clicking on any link ever, if the message seems to be from a friend or acquaintance, someone you’d otherwise trust, just put your pointer over the link (DO NOT click!). A “tooltip” box will pop up that will show where the link is really pointing to. If the real link is different from what’s shown on the screen, that’s a big red flag: don’t click on that link!

Unfortunately, this technique won’t help if the link has been shortened (if the URL includes t.co or ow.ly or bit.ly, for example) and it’s still no guarantee that the site the link takes you to is legit if the two addresses match, but it’s better than an absolute “don’t-ever” rule.

I’ll be adding a link to this post to my Great Stuff on the Writers’ Blogs post, which will be published tomorrow. This is too good to not share.

Thanks, Kristen and Jay. Very helpful. I’m a little confused though about the verifying stuff. Obviously, you’re not talking about when we subscribe to someone’s blog (like I just did with Krisen’s), rather a random popup message across a Twitter post or something? Thanks.

Great Post:-) I have been phished before on Twitter and it’s not fun;( I got the one about ‘hey somebody is saying nasty rumors about you and of course I fell for it…but no longer! I ended up sending DM’s or emailing everyone that was connected with me on Twitter telling them my account had been phished and to be aware. It turned out to be positive in the end…I had people thanking me for letting them know…but it’s much easier to be aware and not have to go through all that in the first place! Thanks for the heads up re: the Facebook Security too…will be on the lookout:-) A very helpful post! Will tweet 🙂

Yahoo sent me an E-mail that I was reaching 30G and I may not get my E-mails unless I did something so I was cleaning out my Inbox and deleted other sections as well. I was saving your E-Mail of your blog not the comments and I found this one of the sheepdog, which I had not read. I decided to read it and delete. I can always re-read on the archives of your blog. I have relatives (immediate and distant). I am trying to figure out if they are doing the hatred for the government or the church or the both. I have perceived that my success could affect their inheritance. There are those in the church and social fraternal orders that play evil or intentionally bad as SOCIETY GAMES. Makes you wonder what the military is doing to stay in step just in case there is world war or something. I try to ignore it and move on. I try to live my life as best as I can, knowing the nonsense exists. Back to trying be published the hard way.

Reblogged this on Brick House and commented:
I don’t normally re-blog, but given the amount of my friends on Facebook that end up having their email accounts hacked, I decided to re-blog this one. Kristen’s blog also has several entries on Social Media if you are interested. She is a very talented writer, and I ran across her blog from Eugene Scott’s The Year of Living Spiritually (escott.wordpress.com), another blog I follow. Both are great reads – check them out!

Great post – thank you for the insight! I reblogged to mine (I hope that’s okay!)- I have friends and family that are not as tech savvy and I often read of them getting their emails hacked, etc. Good reminders for me too, as I am not exactly prolific. 🙂

People on Twitter are always screaming, “I was hacked!” This happens most often after Tweets that put the user in a bad situation. When I see “I was hacked!” my reply, as a former computer security guy, is “No, you weren’t.” One of three things happened: 1)You wish you hadn’t sent that tweet, and now you want out from under; 2) You were phished, or 3) Your password was easy to guess. (I’m looking at YOU, Paris Hilton!) None of these is “hacking.” Nobody broke into Twitter and altered the database or the operating code. There was no “hacking” involved. Don’t tell me there was.

Featured Books

What is a brand? A platform? Why do we need one? How do we get one? Better still how can we crate a brand with the power of driving book sales and still have time left to do THE most important part of our job? Writing more books.
This book demystifies branding and social media and harnesses the same passion and imagination we authors use to write books, then uses that to locate and cultivate a devoted fan base. The methods taught in this book can weather any technological upheaval, and is virtually fad-proof. The new cool social site might change, but your platform will remain. read more »

Buy This Book Online

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.